On Wed, Jul 07, 2004 at 03:29:48AM -0700, William Lee Irwin III wrote:
> On Wed, Jul 07, 2004 at 11:44:06AM +0900, Horms wrote:
> > What needs to be done?
>
> Basically, update cvs to the current 2.4 in order to get security fixes
> from newer mainline 2.4, and send out packages.
>
Just a comment: there's not a single CVE# reference in the changelog for the
whole year 2004. That's a bad habit, because it causes nightmares when security
patches need to be verified.

What follows are issues to be checked for 2.4.26 and 2.6.7, AFAIK.

* CAN-2004-0133: The XFS file system in 2.4 series kernels has an information
  leak by which data in the memory can be written to the device hosting the
  file system, allowing users to obtain portions of kernel memory by reading
  the raw block device.

* CAN-2004-0181: The JFS file system in 2.4 series kernels has an information
  leak by which data in the memory can be written to the device hosting the
  file system, allowing users to obtain portions of kernel memory by reading
  the raw device.

* CAN-2004-0228: Due to an integer signedness error in the CPUFreq /proc
  handler code in 2.6 series Linux kernels, local users can escalate their
  privileges.

* CAN-2004-0229: The framebuffer driver in 2.6 series kernel drivers does not
  use the fb_copy_cmap method of copying structures. The impact of this issue
  is unknown, however.

* CAN-2004-0394: A buffer overflow in the panic() function of 2.4 series Linux
  kernels exists, but it may not be exploitable under normal circumstances due
  to its functionality.

* CAN-2004-0427: The do_fork() function in both 2.4 and 2.6 series Linux
  kernels does not properly decrement the mm_count counter when an error
  occurs, triggering a memory leak that allows local users to cause a Denial
  of Service by exhausting other applications of memory, causing the kernel to
  panic or to kill services.

* CAN-2004-0495: Multiple vulnerabilities found by the Sparse source checker in
  the kernel allow local users to escalate their privileges or gain access to
  kernel memory.

* CAN-2004-0535: The e1000 NIC driver does not properly initialize memory
  structures before using them, allowing users to read kernel memory.

* CAN-2004-0554: 2.4 and 2.6 series kernels running on an x86 or an AMD64
  architecture allow local users to cause a Denial of Service by a total
  system hang, due to an infinite loop that triggers a signal handler with a
  certain sequence of fsave and frstor instructions.

-- 
Francesco P. Lovergine
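As an added example, not part of the thread above, here is a small Python check for the habit the mail complains about: it scans a package changelog for CAN-/CVE- identifiers and reports which of the advisories listed for 2.4.26 / 2.6.7 have no reference at all. The sample changelog is constructed; the function names are mine.

```python
import re
from typing import Iterable

# Advisories listed in the mail above for the 2.4.26 / 2.6.7 review.
REQUIRED_IDS = {
    "CAN-2004-0133", "CAN-2004-0181", "CAN-2004-0228", "CAN-2004-0229",
    "CAN-2004-0394", "CAN-2004-0427", "CAN-2004-0495", "CAN-2004-0535",
    "CAN-2004-0554",
}

# Matches the older CAN- candidate form as well as CVE-; IGNORECASE tolerates
# lower-case spellings that show up in hand-written changelogs.
_ID_RE = re.compile(r"\b(CAN|CVE)-(\d{4})-(\d{4,})\b", re.IGNORECASE)

def normalize(ident: str) -> str:
    """Map CAN-2004-0133 / cve-2004-0133 to the canonical CVE-2004-0133 so that
    either spelling satisfies the same requirement."""
    m = _ID_RE.fullmatch(ident)
    if not m:
        raise ValueError(f"not an advisory id: {ident!r}")
    return f"CVE-{m.group(2)}-{m.group(3)}"

def referenced_ids(changelog: str) -> set[str]:
    """All advisory ids (canonical form) mentioned anywhere in the changelog."""
    return {normalize(m.group(0)) for m in _ID_RE.finditer(changelog)}

def missing_ids(changelog: str, required: Iterable[str] = REQUIRED_IDS) -> list[str]:
    """Required ids the changelog never mentions, sorted for a stable report."""
    return sorted(set(map(normalize, required)) - referenced_ids(changelog))

# Constructed sample changelog: only three entries carry an advisory reference,
# and the e1000 entry describes a fix without naming its id.
SAMPLE_CHANGELOG = """\
kernel (2.4.26-1) unstable; urgency=high
  * Merge 2.4.26 from mainline.
  * Fix XFS info leak to raw block device (CAN-2004-0133).
  * JFS: zero pages before writing to device (cve-2004-0181)
  * Fix mm_count leak in do_fork() error path, CAN-2004-0427.
  * e1000: initialise structures before use.
"""

if __name__ == "__main__":
    for ident in missing_ids(SAMPLE_CHANGELOG):
        print("no changelog reference for", ident)
```

Entries like the e1000 line are exactly the verification problem the mail describes: the fix may be present, but nothing ties it to the advisory, so the script flags it as missing.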

